1.\" $NetBSD: ssh-add.1,v 1.4 2010/11/21 18:29:49 adam Exp $ 2.\" $OpenBSD: ssh-add.1,v 1.52 2010/03/05 10:28:21 djm Exp $ 3.\" 4.\" -*- nroff -*- 5.\" 6.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 7.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 8.\" All rights reserved 9.\" 10.\" As far as I am concerned, the code I have written for this software 11.\" can be used freely for any purpose. Any derived versions of this 12.\" software must be clearly marked as such, and if the derived work is 13.\" incompatible with the protocol description in the RFC file, it must be 14.\" called by a name other than "ssh" or "Secure Shell". 15.\" 16.\" 17.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. 18.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. 19.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. 20.\" 21.\" Redistribution and use in source and binary forms, with or without 22.\" modification, are permitted provided that the following conditions 23.\" are met: 24.\" 1. Redistributions of source code must retain the above copyright 25.\" notice, this list of conditions and the following disclaimer. 26.\" 2. Redistributions in binary form must reproduce the above copyright 27.\" notice, this list of conditions and the following disclaimer in the 28.\" documentation and/or other materials provided with the distribution. 29.\" 30.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 31.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 32.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 33.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 34.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 35.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 36.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 37.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 38.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 39.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 40.\" 41.Dd March 5, 2010 42.Dt SSH-ADD 1 43.Os 44.Sh NAME 45.Nm ssh-add 46.Nd adds RSA or DSA identities to the authentication agent 47.Sh SYNOPSIS 48.Nm ssh-add 49.Op Fl cDdLlXx 50.Op Fl t Ar life 51.Op Ar 52.Nm ssh-add 53.Fl s Ar pkcs11 54.Nm ssh-add 55.Fl e Ar pkcs11 56.Sh DESCRIPTION 57.Nm 58adds RSA or DSA identities to the authentication agent, 59.Xr ssh-agent 1 . 60When run without arguments, it adds the files 61.Pa ~/.ssh/id_rsa , 62.Pa ~/.ssh/id_dsa 63and 64.Pa ~/.ssh/identity . 65After loading a private key, 66.Nm 67will try to load corresponding certificate information from the 68filename obtained by appending 69.Pa -cert.pub 70to the name of the private key file. 71Alternative file names can be given on the command line. 72.Pp 73If any file requires a passphrase, 74.Nm 75asks for the passphrase from the user. 76The passphrase is read from the user's tty. 77.Nm 78retries the last passphrase if multiple identity files are given. 79.Pp 80The authentication agent must be running and the 81.Ev SSH_AUTH_SOCK 82environment variable must contain the name of its socket for 83.Nm 84to work. 85.Pp 86The options are as follows: 87.Bl -tag -width Ds 88.It Fl c 89Indicates that added identities should be subject to confirmation before 90being used for authentication. 91Confirmation is performed by the 92.Ev SSH_ASKPASS 93program mentioned below. 94Successful confirmation is signaled by a zero exit status from the 95.Ev SSH_ASKPASS 96program, rather than text entered into the requester. 97.It Fl D 98Deletes all identities from the agent. 99.It Fl d 100Instead of adding identities, removes identities from the agent. 101If 102.Nm 103has been run without arguments, the keys for the default identities will 104be removed. 105Otherwise, the argument list will be interpreted as a list of paths to 106public key files and matching keys will be removed from the agent. 107If no public key is found at a given path, 108.Nm 109will append 110.Pa .pub 111and retry. 112.It Fl e Ar pkcs11 113Remove keys provided by the PKCS#11 shared library 114.Ar pkcs11 . 115.It Fl L 116Lists public key parameters of all identities currently represented 117by the agent. 118.It Fl l 119Lists fingerprints of all identities currently represented by the agent. 120.It Fl s Ar pkcs11 121Add keys provided by the PKCS#11 shared library 122.Ar pkcs11 . 123.It Fl t Ar life 124Set a maximum lifetime when adding identities to an agent. 125The lifetime may be specified in seconds or in a time format 126specified in 127.Xr sshd_config 5 . 128.It Fl X 129Unlock the agent. 130.It Fl x 131Lock the agent with a password. 132.El 133.Sh ENVIRONMENT 134.Bl -tag -width Ds 135.It Ev "DISPLAY" and "SSH_ASKPASS" 136If 137.Nm 138needs a passphrase, it will read the passphrase from the current 139terminal if it was run from a terminal. 140If 141.Nm 142does not have a terminal associated with it but 143.Ev DISPLAY 144and 145.Ev SSH_ASKPASS 146are set, it will execute the program specified by 147.Ev SSH_ASKPASS 148and open an X11 window to read the passphrase. 149This is particularly useful when calling 150.Nm 151from a 152.Pa .xsession 153or related script. 154(Note that on some machines it 155may be necessary to redirect the input from 156.Pa /dev/null 157to make this work.) 158.It Ev SSH_AUTH_SOCK 159Identifies the path of a 160.Ux Ns -domain 161socket used to communicate with the agent. 162.El 163.Sh FILES 164.Bl -tag -width Ds 165.It Pa ~/.ssh/identity 166Contains the protocol version 1 RSA authentication identity of the user. 167.It Pa ~/.ssh/id_dsa 168Contains the protocol version 2 DSA authentication identity of the user. 169.It Pa ~/.ssh/id_rsa 170Contains the protocol version 2 RSA authentication identity of the user. 171.El 172.Pp 173Identity files should not be readable by anyone but the user. 174Note that 175.Nm 176ignores identity files if they are accessible by others. 177.Sh DIAGNOSTICS 178Exit status is 0 on success, 1 if the specified command fails, 179and 2 if 180.Nm 181is unable to contact the authentication agent. 182.Sh SEE ALSO 183.Xr ssh 1 , 184.Xr ssh-agent 1 , 185.Xr ssh-keygen 1 , 186.Xr sshd 8 187.Sh AUTHORS 188OpenSSH is a derivative of the original and free 189ssh 1.2.12 release by Tatu Ylonen. 190Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, 191Theo de Raadt and Dug Song 192removed many bugs, re-added newer features and 193created OpenSSH. 194Markus Friedl contributed the support for SSH 195protocol versions 1.5 and 2.0. 196